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DETAILED ACTION 


1. 


Claims 1-44 have been examined. 


Drawings 


2. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(4) 
because reference numeral "24" in figure 1 has been used to designate both a 
communication link and the firewall. Corrected drawing sheets are required in reply to 
the Office action to avoid abandonment of the application. Any amended replacement 
drawing sheet should include all of the figures appearing on the immediate prior version 
of the sheet, even if only one figure is being amended. The replacement sheet(s) 
should be labeled "Replacement Sheet" in the page header (as per 37 CFR 1.84(c)) so 
as not to obstruct any portion of the drawing figures. If the changes are not accepted by 
the examiner, the applicant will be notified and informed of any required corrective 
action in the next Office action. The objection to the drawings will not be held in 
abeyance. 

Specification 

3. The disclosure is objected to because of the following informalities: change "host 
computer, 24" (page 8, line 18) to "host computer, 34" (see figure 1); 

Appropriate correction is required. 
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Claim Rejections - 35 USC § 102 


4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
. another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claims 1-4, 16-19 and 32-35 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Riggins et al. (6,131,116). 

a. Regarding claim 1, which is representative of claims 16 and 32, Riggins 
discloses a system comprising a client computer which meets the limitation of a visitor's 
computer (fig. 1 , element 150), a master server which meets the limitation of an 
administration computer (fig. 1 , element 130), an application computer (fig. 1 , element 
1 10), a firewall protecting the application computer (col. 1, line 62 - col. 2, line 2; fig. 1, 
element 130) and a transmission path over the Internet (fig. 1 , element 140), 
characterized in that communications between said visitor's computer and the 
application computer are mediated by a set of applets being generated by the 
administration computer and operating on the visitor's computer, the set of applets meet 
the limitation of an electronic badge (figures 6 and 8). 
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b. Regarding claims 2, 17 and 33, Riggins further discloses that the administration 
computer and the application computer are realized on a single data processing 
machine (fig. 1, elements 130 and 138). 

c. Regarding claims 3, 18 and 34, Riggins further discloses that the administration 
computer and the application computer are distinct data processing machines, and in 
that communications between the visitor's computer and the application computer are 
controlled by a firewall located in the administration computer (fig. 1, elements 150, 130 
and 110 and fig. 7). 

d. Regarding claims 4, 19 and 35, Riggins further discloses that the administration 
computer is protected by a firewall (col. 1 , line 62 - col. 2, line 2). 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 5-13, 20-23, 25-27 and 36-43 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Riggins as applied to claims 1,16 and 32 above, and further in 
view of Hudson et al. (6,055,637). 

a. Regarding claims 5, 20 and 36, Riggins does not disclose a single applet for 
accessing all authorized services. However, Riggins discloses a set of applets 
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downloaded together and each responsible for accessing a separate authorized service. 
It is well known in the art that a large program can comprise multiple modules each 
performing a separate task for ease of development and maintenance. In addition, the 
applets implemented in the Riggins reference meet the definition of a Java applet in that 
applets are small programs. Therefore, the Riggins set of applets meets the limitation 
of the claimed applet. 

Riggins does not disclose that the applet contains an identifier, a password and a 
list of access rights. Hudson discloses a system for controlling access to resources 
utilizing a credential token that contains a user ID, a password and a list of access right 
(col. 2, line 67 - col. 3, line 4; lines 23-28, 31-38); the token allows authorized access to 
resources, so it is functionally equivalent to an electronic badge. It would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify 
the system of Riggins such that the electronic badge contains an identifier, a password 
and a list of access rights, as taught by Hudson. The motivation for doing so would 
have been that the token represents authorization for the user to access all the 
resources listed on the access lists (col. 3, lines 4-5). 

b. Regarding claims 6, 21 and 37, Hudson further discloses that the list of access 
rights of claim 5 permits access to one or more software applications (col. 3, lines 4-5 
and fig. 1). 

c. ' Regarding claims 7, 22 and 38, Riggins further discloses that the applet is 
adapted to run on the visitor's computer and cause one or more icons to be displayed 
(col. 8, lines 11-19). 
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d. Regarding claims 8, 23 and 39, Riggins further discloses a Web server adapted 
to issue electronic badges (fig. 1, elements 133, 136). Riggins does not disclose that 
the administration computer includes a control panel. Hudson discloses an 
administrator issuing credential token utilizing a security database, the token allows 
authorized access to resources, so it is functionally equivalent to an electronic badge 
(see Abstract; col. 4, lines 50-58). Hudson does not explicitly disclose that the 
administration computer includes a control panel. However, this feature is deemed to 
be inherent to the Hudson system. The administrator would not be able to issue 
credential token without a control panel. It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to modify the system of Riggins such 
that the administration computer includes a control panel adapted to issue electronic 
badges, as taught by Hudson, and accordingly, the control panel is linked to the Web 
server. The motivation for doing so would have been to allow the administrator to 
perform issuing of tokens. 

e. Regarding claims 9, 25 and 40, Riggins does not discloses that the 
administration computer includes a control server linked to the control panel and a 
database of access rules linked to the control sen/er. Hudson further discloses that the 
administration computer of claim 8 includes a control server linked to the control panel 
and a database of access rules linked to the control server (see fig. 3, col. 4, lines 55- 
58). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the system of Riggins such that the administration 
computer includes a control server linked to the control panel and a database of access 
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rules linked to the control server, as taught by Hudson. The motivation for doing so 
would have been that the administrator could have access to users* identification and 
authorization information. 

f. Regarding claims 10, 26 and 41 , Riggins further discloses that the administration 
computer functions as a firewall protecting the application computer (fig. 7). 

g. Regarding claims 1 1 , 27 and 42, Riggins discloses an access control means to 
protect the Web server (col. 1 , lines 53-55). However. Riggins does not explicitly 
disclose using passwords. Hudson discloses using user ID and password for 
authentication and authorization purposes (fig. 1). It would have been obvious to one 
of ordinary skill in the art at the time the invention was made to modify the system of 
Riggins to use user ID and password, as taught by Hudson, for authentication and 
authorization purposes. 

h. Regarding claims 12. Riggins further discloses that the electronic badge is 
deposited for collection on the Web server (fig. 1 , elements 133 and 136). 

i. Regarding claim 1 3, Riggins further discloses that an authorized visitor's 
computer can download the electronic badge by accessing the Web server if (col. 1 , 
lines 53-55; fig. 1, elements 133 and 136). Riggins does not explicitly disclose the 
visitor's computer providing password and identification. Hudson discloses users 
providing user ID and password for authentication and authorization purposes (fig. 1). 
It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the system of Riggins to use user ID and password, as taught by 
Hudson, for authentication and authorization purposes. 
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j. Regarding claim 43, Riggins further discloses that the electronic badge is 
deposited for collection on the Web server (fig. 1 , elements 133 and 136). 

8. Claims 14 and 44 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Riggins in view of Hudson as applied to claim 8 and 36 above, and further in view of 
Scheifler et al. (6,138,238). Riggins and Hudson do not disclose that the access rights 
associated with the electronic badge can be changed dynamically. Scheifler discloses a 
system regulating access to resources in which access rights associated with a principle 
can be changed dynamically (col. 4, lines 26-29). It would have been obvious to one of 
ordinary skill in the art at the time the invention was made to modify the system of 
Riggins and Hudson such that the access rights associated with the electronic badge 
can be changed dynamically, as taught by Scheifler, so that the security in computer 
systems could be enhanced (col. 4, lines 54-56). 

9. Claims 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over Riggins 
in view of Hudson as applied to claim 8 above, and further in view of Montulli 
(5,774,670). Riggins and Hudson do not disclose that the electronic badge is deleted 
by a signal from the control server. Montulli discloses a cookie being deleted by a 
signal from a server; the cookie is functionally equivalent to the electronic badge (col. 9, 
lines 34-41 ). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the system of Riggins and Hudson such that the 
electronic badge is deleted by a signal from the control server, as taught by Montulli, so 
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that the server (col. 4, lines 54-56) so that the server could remove undesired cookies 
previously sent to a client. 

10. Claims 24 and 28-29 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Riggins in view of Hudson as applied to claim 23 above, and further in view of Daly 
et al. (5,875,394). 

a. Regarding claim 24, Riggins and Hudson do not disclose the steps of 
establishing a voice link over the PSTN between the user of the visitor's computer and 
an operator at the administration center, the operator verifying the user and assigning 
and communicating a password to the user over the voice link. Daly discloses a 
process for securely assigning a password comprising the steps of establishing a voice 
link over the PSTN between a user and an operator at the administration center, the 
operator verifying the user and assigning and communicating a password to the user 
over the voice link (see fig, 3). It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to modify the method of Riggins and Hudson to 
include the steps of establishing a voice link over the PSTN between the user of the 
visitor's computer and an operator at the administration center, the operator verifying 
the user and assigning and communicating a password to the user over the voice link, 
as taught by Daly, in order to avoid the risk of piracy (col. 2, lines 33-36). 

b. Regarding claim 28, Riggins further discloses that the electronic badge is 
deposited for collection on the Web server (fig. 1, elements 133 and 136). 
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c. Regarding claim 29, Riggins further discloses that an authorized visitor's 
computer can download the electronic badge by accessing the Web server if (col. 1 , 
lines 53-55; fig. 1, elements 133 and 136). Riggins does not explicitly disclose the 
visitor^s computer providing password and identification. Hudson discloses users 
providing user ID and password for authentication and authorization purposes (fig. 1). 
It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the method of Riggins to use user ID and password, as taught by 
Hudson, for authentication and authorization purposes. 

1 1 . Claim 30 is rejected under 35 U.S.C. 103(a) as being unpatentable over Riggins, 
Hudson and Daly as applied to claim 24 above, and further in view of Susaki et al. 
(6,189,032). Riggins, Hudson and Daly do not disclose the steps of said visitor 
requesting access, while connected to said application computer, to a first software 
application, not pre-authorized on said electronic visitor's badge, said control panel 
giving an alarm condition, said host confirming over said voice link that the said visitor 
has requested access to the first software application, and modifying the access rights 
associated with the electronic visitor's badge via said control panel. Susaki discloses a 
method for controlling access rights to services comprising the steps of a user 
requesting access, while connected to said application computer, to a service, not pre- 
authorized according to the user's access rights, giving an alarm condition, confirming 
that the user has requested access to the service, and modifying the access rights 
associated with the user (col. 3, lines 41-54). It would have been obvious to one of 
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ordinary skill in the art at the time the invention was made to modify the method of 
Riggins, Hudson and Daly to include the steps of said visitor requesting access, while 
connected to said application computer, to a first software application, not pre- 
authorized on said electronic visitor's badge, said control panel giving an alarm 
condition, said host confirming over said voice link that the said visitor has requested 
access to the first software application, and modifying the access rights associated with 
the electronic visitor's badge via said control panel, as taught by Susaki, so that access 
to services that need approval and consent by another party could properly be 
controlled (col. 3, lines 55-59). 

12. Claim 31 is rejected under 35 U.S.C. 103(a) as being unpatentable over Riggins, 
Hudson and Daly as applied to claim 24 above, and further in view of Montulli. Riggins, 
Hudson and Daly do not disclose that the electronic badge is deleted by a signal from 
the control server. Montulli discloses a cookie being deleted by a signal from a server; 
the cookie is functionally equivalent to the electronic badge (col, 9, lines 34-41). It 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made to modify the method of Riggins, Hudson and Daly such that the electronic badge 
is deleted by a signal from the control server, as taught by Montulli, so that the server 
(col. 4, lines 54-56) so that the server could remove undesired cookies previously sent 
to a client. 
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Conclusion 


13. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Parker et al. (5,729,734) discloses a file privilege administration method. 

Mirsa et al. (5,757,920) discloses a logon certificate. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dinh whose telephone number is 703-306-5617. 
The examiner can normally be reached on Mon - Fri: 9:00 am - 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 703-305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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